burger icon
Cash Point United Kingdom
Log In

Privacy Policy

This Privacy Policy explains how Cashpoint Solutions Limited ("we", "us", "our") collects, uses, discloses, protects and stores personal data in connection with the online gambling services offered for the brand Cash Point via the website cespoints.com (the "Website"). It applies to players, prospective players, and other visitors who access or use cespoints.com from the United Kingdom and, where applicable, from other jurisdictions.

We process personal data in accordance with the UK General Data Protection Regulation ("UK GDPR"), the Data Protection Act 2018 and other applicable data protection and gambling regulations. For users located in Mexico, certain provisions of Mexican data protection law may also apply, as explained below.

By registering an account, placing bets or otherwise using cespoints.com, you acknowledge that you have read and understood this Privacy Policy. This Privacy Policy is effective from 15 January 2026 and will remain in force until superseded by an updated version.

Who We Are

OBSERVE: The services associated with Cash Point are provided to UK players via cespoints.com by a licensed operator. To ensure transparency, we identify the legal entity and its regulatory framework.

EXPAND: The controller responsible for your personal data is:

  • Controller / Operator: Cashpoint Solutions Limited
  • Registered office / legal address: 15 Trinity Square, London, EC3N 4AA, United Kingdom
  • Regulatory authorisation: Licensed and regulated by the UK Gambling Commission under Account No. 39606 for the provision of remote gambling services to customers in Great Britain.
  • Legal entity type: Limited company (Ltd) and part of the wider Gauselmann Group corporate structure.

For the purposes of UK data protection law, Cashpoint Solutions Limited is the "data controller" in respect of personal data processed through cespoints.com for the brand Cash Point.

Data protection contact:

  • Email: support@cespoints.com (please include "Data Protection" in the subject line for faster routing to our data protection team)
  • Postal: Data Protection Team, Cashpoint Solutions Limited, 15 Trinity Square, London, EC3N 4AA, United Kingdom
  • Live chat: Available via our support channels (currently 09:00 - 23:00 CET); please request to speak with the data protection team where necessary.

REFLECT: Our data protection team, which performs the functions of a Data Protection Officer ("DPO") where required, oversees compliance with this Privacy Policy and applicable privacy laws. You may contact them at any time with questions about how your personal data is processed.

What Personal Data We Collect

OBSERVE: To operate an online gambling service under strict UK regulation, we must collect and process a range of personal, technical, financial and behavioural data. This enables us to identify you, comply with KYC/AML rules, operate your account, and protect both you and us against fraud and misuse (including VPN and IP masking).

Identification and Contact Data

  • Personal details: Full name, date of birth, gender (where provided), nationality and place of residence.
  • Contact details: Email address, postal address, mobile and/or landline telephone number and preferred language of communication.
  • Verification data: Copies or data from identity documents (e.g. passport, national ID, driving licence), proof of address (utility bill, bank statement), and information obtained from identity and age verification providers.

Account, Behavioural and Usage Data

  • Account data: Username, account number, security credentials (stored in hashed form), account settings, communication preferences and responsible-gambling limits.
  • Behavioural data: Betting and gaming history, stakes, wins and losses, frequency and duration of sessions, self-exclusion or time-out history, and patterns indicative of potential problem gambling or bonus abuse.
  • Interaction data: Records of contacts with customer support (email, live chat logs), complaints, and internal notes relevant to the management of your account.

Technical and Device Data

  • Technical identifiers: IP address, device identifiers, browser type and version, operating system, language settings, and time zone.
  • Usage logs: Login and logout times, pages and features accessed, clicks, navigation paths, session timestamps and performance metrics.
  • Location and VPN-related data: Approximate geolocation derived from IP address and other indicators used to detect prohibited IP masking, VPN use or attempts to access from blocked jurisdictions (such as the USA, France or Spain).

Payment and Financial Data

  • Transaction data: Deposits, withdrawals, payment method type, currency, amounts, timestamps and related account balances.
  • Payment instrument data: Limited card or account identifiers (such as partially masked card numbers or IBAN), digital wallet identifiers and payment status codes as provided by our payment service providers.
  • Source-of-funds / affordability data: Where required under KYC/AML and responsible gambling rules, information on occupation, income, bank statements or similar documentation.

Cookies and Similar Technologies

  • Cookies: Small text files stored on your device, including session cookies, persistent cookies and third-party cookies used for functionality, security, analytics and marketing (explained further in the Cookies & Tracking Technologies section).
  • Similar technologies: Web beacons, pixels, tags, SDKs and local storage used to measure impressions, prevent fraud and provide a consistent experience across devices.

REFLECT: We do not intentionally collect data relating to individuals under 18 years of age. If we become aware that we have collected such data, we will take steps to delete it and may close the corresponding account.

Legal Basis for Processing

OBSERVE: UK GDPR requires us to rely on specific legal grounds when processing personal data. Different processing activities may rely on different bases.

EXPAND: We primarily rely on the following legal bases:

  • Performance of a contract: We process personal data to register and manage your account, verify your identity, enable deposits and withdrawals, provide betting and gaming services, notify you about changes to our terms or services, and handle your requests and complaints.
  • Compliance with legal obligations: We are legally required to perform age and identity verification, conduct anti-money laundering and counter-terrorist financing checks, assess affordability in some cases, prevent self-excluded persons from gambling, keep certain transaction and account records, and report suspicious activities to relevant authorities.
  • Legitimate interests: We process personal data to:
    • Monitor, detect and prevent fraud, bonus abuse, money laundering, VPN/IP masking and other prohibited activities;
    • Secure our systems and services, ensure availability and integrity, and investigate incidents;
    • Analyse usage patterns to improve the Website, products and user experience;
    • Protect our legal rights and establish, exercise or defend legal claims.
  • Consent: We rely on your consent for certain uses, such as:
    • Sending direct electronic marketing communications that are not otherwise permitted by law;
    • Using non-essential cookies and similar technologies for analytics and advertising purposes;
    • Sharing data with certain third-party advertising partners where this is not strictly necessary for service provision.
  • Vital interests and public interest (rare): In exceptional cases, we may process or share information to protect your vital interests or those of another person, or where required in the public interest (e.g. law enforcement requests).

REFLECT: Where processing is based on consent, you may withdraw that consent at any time through your account settings, via the unsubscribe link in our communications or by contacting support@cespoints.com. Withdrawal of consent will not affect the lawfulness of processing carried out before withdrawal.

Purpose of Processing

OBSERVE: Personal data is processed only for specified, explicit and legitimate purposes. These purposes are closely linked to the provision of gambling services through cespoints.com for Cash Point.

EXPAND: We use your personal data for the following purposes:

  • Provision of services: Creating and managing your account; verifying your identity and age; processing deposits and withdrawals; settling bets and games; providing customer support and technical assistance; and enabling you to access and use all functionalities of the Website.
  • Regulatory compliance and risk management: Performing KYC and AML checks; complying with responsible gambling obligations; preventing access from blocked jurisdictions; enforcing VPN and IP-masking prohibitions; and maintaining records required by the UK Gambling Commission and other authorities.
  • Service improvement and analytics: Analysing aggregated and pseudonymised data to understand performance, detect usability issues, measure the effectiveness of promotions and improve products and services. Where possible, analytics are conducted using de-identified or aggregated data.
  • Marketing and personalisation: Sending you promotional communications about products, bonuses and offers associated with cespoints.com, subject to your marketing preferences; displaying personalised content such as recommended games; and conducting surveys or feedback campaigns.
  • Fraud prevention and security: Monitoring behaviour, transactions and technical signals to detect and prevent fraud, account takeover, collusion, money laundering, bonus abuse and other suspicious or unlawful activities; as well as protecting against cyberattacks and system misuse.
  • Legal and business purposes: Handling disputes and complaints, responding to legal requests, enforcing our Terms and Conditions, and managing corporate transactions or restructurings where permitted by law.

REFLECT: We will not use your personal data for purposes that are incompatible with those described above without informing you and, where required, obtaining your consent.

Disclosure & Sharing

OBSERVE: To deliver and support the services on cespoints.com, we share personal data with carefully selected third parties. Such sharing occurs under strict contractual and legal safeguards.

EXPAND: We may disclose your personal data to the following categories of recipients:

  • Group companies and affiliates: Other entities within the Gauselmann Group that assist in providing or improving our services, subject to appropriate intra-group data protection arrangements.
  • Payment service providers and banks: Providers that process deposits and withdrawals, verify payment instruments and assist in preventing fraud and chargebacks.
  • Verification, risk and analytics service providers: Identity verification agencies, credit reference agencies (where lawful), AML and sanctions-screening providers, fraud-detection tools, geolocation and VPN-detection services, and analytics vendors.
  • IT, hosting and infrastructure providers: Companies that host the Website, maintain databases, provide cloud services, backup and disaster recovery, and other technical support functions.
  • Professional advisers: Lawyers, auditors, consultants and accountants who require access in the course of providing professional services to us, under duties of confidentiality.
  • Marketing and advertising partners: Where you have consented, we may share limited data (e.g. identifiers and preferences) with marketing agencies, affiliates and advertising networks to deliver or measure campaigns related to cespoints.com.
  • Regulators, authorities and dispute bodies: The UK Gambling Commission, financial intelligence units, law enforcement agencies, taxation authorities and other competent public bodies, where required to meet legal or regulatory obligations or to report suspicious activities. For gambling-related disputes, we may share relevant data with approved alternative dispute resolution entities where necessary to handle your complaint.
  • Corporate transactions: In connection with any merger, acquisition, restructuring or sale of assets, subject to appropriate confidentiality safeguards and, where required, your consent or notification.

We do not sell your personal data in exchange for monetary consideration. We only share personal data with third parties that are bound by contractual obligations to protect it and to process it solely on our documented instructions, except where those parties act as independent controllers (for example, regulators or certain payment providers).

REFLECT: Whenever data is shared, we apply the principle of data minimisation and disclose only what is necessary for the specific purpose.

International Transfers

OBSERVE: Some of our service providers and group companies may be located outside the United Kingdom, which can involve transfers of personal data to countries with different data protection laws.

EXPAND: Where personal data is transferred outside the UK (for example to countries within the European Economic Area, or to other jurisdictions where our group entities or processors are established), we ensure that an adequate level of protection is provided to your data by implementing one or more of the following safeguards:

  • Use of jurisdictions that have been recognised by the UK government as providing an adequate level of data protection;
  • Execution of Standard Contractual Clauses and, where appropriate, the UK International Data Transfer Addendum or equivalent instruments approved by the Information Commissioner's Office ("ICO");
  • Implementation of additional technical and organisational measures, such as strong encryption in transit and at rest, strict access controls and data minimisation; and
  • Regular assessment of the legal environment of the destination country, and additional safeguards where necessary.

For users located in Mexico, cross-border transfers are carried out in line with the applicable transfer provisions under Mexican data protection law, including appropriate contractual clauses and information about the receiving parties where required.

REFLECT: You may contact us for further details of the safeguards we apply to specific international transfers that relate to your personal data.

Data Retention

OBSERVE: We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including to meet legal, regulatory, accounting and reporting requirements.

EXPAND: Retention periods depend on the type of data and our legal obligations, in particular under UK gambling and AML regulations:

  • Account and identification data: Typically retained for the duration of your active account and, after closure, for a period normally not exceeding 5 to 7 years, to comply with anti-money laundering rules, gambling regulatory requirements and to defend potential legal claims.
  • Transaction and payment data: Retained for periods required by financial regulations and tax laws, generally up to 7 years after the relevant transaction or account closure.
  • Responsible gambling and behavioural data: Retained for as long as necessary to comply with responsible gambling obligations, oversee self-exclusions or time-outs, and demonstrate compliance to regulators, which may extend beyond account closure.
  • Customer support and complaint records: Retained for the period during which a complaint, investigation or dispute may reasonably arise, typically up to 6 years in line with limitation periods for legal claims.
  • Marketing data: Retained until you withdraw consent, opt-out or your account is closed, subject to shorter retention where local law requires.
  • Cookies and analytics data: Retained in accordance with the lifetimes indicated in our cookie settings interface and browser controls; session cookies generally expire when you close your browser, while persistent cookies last for a predefined period unless deleted.

When personal data is no longer required, we will either securely delete or irreversibly anonymise it so that it can no longer be associated with you.

REFLECT: Where we are unable to delete data due to overriding legal obligations, we will restrict its processing and keep it only for the purposes of compliance and legal defence.

Your Rights

OBSERVE: As a data subject, you have specific rights over your personal data. These rights arise under the UK GDPR and, where applicable, under other laws such as Mexican data protection legislation.

EXPAND (UK and EU-style rights): Subject to certain conditions and exceptions, you have the right to:

  • Access: Obtain confirmation as to whether we process your personal data and receive a copy of the data we hold about you, together with relevant information about the processing.
  • Rectification: Request correction of inaccurate or incomplete personal data. You can also update certain details directly via your account settings.
  • Erasure: Request deletion of your personal data where there is no valid reason for us to continue processing it (for example, where data is no longer necessary for the purposes for which it was collected and we have no legal obligation to retain it).
  • Restriction: Request that we restrict processing of your data, for example while we verify its accuracy or evaluate an objection.
  • Objection: Object to processing based on our legitimate interests, particularly for direct marketing, in which case we will stop processing for that purpose.
  • Data portability: Receive certain personal data in a structured, commonly used and machine-readable format and request that we transmit it to another controller, where technically feasible.
  • Withdrawal of consent: Withdraw consent at any time for processing activities that rely on your consent (such as certain marketing or non-essential cookies).

EXPAND (Mexican ARCO-style rights): If you are located in Mexico and Mexican data protection law applies, you may also exercise ARCO rights (Acceso, Rectificación, Cancelación y Oposición) in line with the Federal Law on Protection of Personal Data Held by Private Parties and related regulations. These rights correspond in substance to access, rectification, cancellation (erasure) and objection and will be handled through the same contact channels.

Procedures, timeframes and cost:

  • You may exercise your rights by contacting us at support@cespoints.com or via postal mail to our registered office, clearly indicating that your request concerns privacy or data protection.
  • We may need to request specific information to verify your identity before acting on your request.
  • We aim to respond to all valid requests within one month (30 days). Where a request is particularly complex or you have made multiple requests, we may extend this period, and we will inform you of any such extension and the reasons for it.
  • We will not charge a fee for processing your request unless it is manifestly unfounded or excessive, in which case we may charge a reasonable fee or refuse to act, as permitted by law.

REFLECT: Certain rights may be limited where we have overriding legal obligations, such as retaining data for AML or gambling regulatory purposes. In such cases we will explain the legal basis for any limitation on your request.

Cookies & Tracking Technologies

OBSERVE: We use cookies and similar technologies to make cespoints.com function properly, to secure your account, to analyse performance and, with your consent, to personalise content and marketing.

EXPAND: The main types of cookies and similar technologies we use include:

  • Strictly necessary (functional) cookies: Session and persistent cookies that are essential to enable core features such as logging in, maintaining your session, processing bets and ensuring security (e.g. fraud prevention and load balancing). These cookies cannot be switched off in our systems, as the Website will not function properly without them.
  • Preference cookies: Cookies that remember your language settings, display preferences and other choices to provide a more personalised experience.
  • Analytics and performance cookies: Cookies and similar technologies that help us understand how visitors use the Website, which pages are most popular, how users navigate and whether error messages are encountered. This information is used in aggregated form to improve our services.
  • Advertising and marketing cookies: Third-party or first-party cookies, pixels and tags that may be used (with your consent) to deliver targeted promotions and measure the effectiveness of campaigns associated with cespoints.com.

Managing cookies:

  • On your first visit and periodically thereafter, you will be presented with a cookie consent interface where you can accept or reject non-essential cookies and adjust your preferences.
  • You can modify your cookie settings at any time through the cookie management panel available on the Website, or by changing your browser settings to block or delete cookies.
  • Please note that blocking certain cookies may affect the functionality or performance of the Website.

REFLECT: For detailed, up-to-date information about the specific cookies used on cespoints.com (including names, purposes and lifetimes), please refer to our dedicated cookie settings interface and any accompanying cookie information provided there.

Data Security

OBSERVE: Protecting your personal data is a core obligation under both data protection and gambling regulations. We adopt a risk-based approach to security, taking into account the nature of the data, the scope of processing and the threats faced by online gambling platforms.

EXPAND: We implement a combination of technical and organisational measures designed to maintain the confidentiality, integrity and availability of personal data, including:

  • Encryption: Use of modern transport layer security (TLS 1.2 or higher) to protect data in transit between your browser and our servers, as well as encryption of sensitive data at rest where appropriate.
  • Access controls: Strict role-based access to systems and data, with multi-factor authentication and least-privilege principles applied to administrative accounts.
  • Network and application security: Firewalls, intrusion detection and prevention systems, anti-malware solutions, vulnerability management and regular security testing of key systems.
  • Operational security: Secure development practices, change management processes, backup and disaster recovery procedures to ensure resilience and continuity of services.
  • Monitoring and logging: Comprehensive logging of critical activities, including authentication events, transaction anomalies and security-relevant events, with monitoring for suspicious patterns such as VPN misuse or unusual login locations.
  • Staff training and policies: Regular security and privacy training for employees, confidentiality obligations, and internal policies governing acceptable use and data handling.
  • Incident response: Documented incident response procedures, including detection, containment, investigation, remediation and notification to affected users and regulators where required by law.

Where appropriate, we align our security practices with recognised international standards such as ISO 27001 and SOC 2 principles, while also adhering to security expectations set by the UK Gambling Commission.

Separately from data security, player funds are held in a manner classified by the UK Gambling Commission as providing a "medium" level of protection in the event of insolvency. This relates to the segregation and protection of customer funds and does not affect the technical measures applied to the security of your personal data.

REFLECT: While no system is completely immune to risk, we continually review and enhance our security measures to respond to evolving threats and regulatory expectations.

Complaints & Contacts

OBSERVE: You have the right to raise concerns or complaints about how your personal data is processed. We are committed to resolving such issues promptly and transparently.

EXPAND (Contacting us):

  • Email: support@cespoints.com (for privacy matters, please include "Privacy Complaint" or "Data Protection Request" in the subject line)
  • Postal address: Data Protection Team, Cashpoint Solutions Limited, 15 Trinity Square, London, EC3N 4AA, United Kingdom
  • Live chat: Available via our support channels during published hours; you may request escalation to the data protection team.

Internal complaint procedure:

  1. Submission: Send us your complaint or query via email, post or live chat, providing sufficient detail to understand the issue and locate your account.
  2. Acknowledgement: We will acknowledge receipt of your complaint as soon as reasonably practicable and typically within a few working days.
  3. Investigation: Our data protection team will investigate your complaint, which may involve requesting additional information to verify your identity or clarify the facts.
  4. Response: We aim to provide a substantive response within one month (30 days) of receiving a complete complaint. For complex matters, we may extend this period in accordance with applicable law and will inform you of the extension and reasons.
  5. Further steps: If you remain dissatisfied after our final response, you may escalate the matter to the relevant supervisory authority, as described below.

Supervisory authorities and external escalation:

  • United Kingdom: You have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's data protection authority. Further information on how to complain is available at www.ico.org.uk.
  • European Union (where applicable): If you are located in an EU Member State and EU data protection law applies, you may have the right to complain to your local data protection authority.
  • Mexico (where applicable): If Mexican data protection law applies to you, you may lodge a complaint with the Mexican data protection authority, the Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales (INAI). Up-to-date contact information is available at www.inai.org.mx.

REFLECT: We encourage you to contact us first so that we can try to resolve your concern directly. This does not affect your right to approach a supervisory authority at any time.

Updates

OBSERVE: Legal requirements, regulatory guidance and our services may evolve over time. We may therefore update this Privacy Policy from time to time.

EXPAND: When we make material changes to this Privacy Policy, we will:

  • Publish the updated version on cespoints.com with a new "Last updated" date;
  • Provide prominent notice on the Website, for example via a banner or notification in your account area;
  • Where appropriate, inform you by email or other direct communication, especially where changes materially affect your rights or how we use your data; and
  • Give you reasonable advance notice (normally at least 30 days) before significant changes take effect, unless immediate changes are required by law or regulators.

During any notice period, you may review the updated Privacy Policy and, if you do not agree with it, you may choose to close your account and stop using the services. Continued use of cespoints.com after the effective date of an updated policy will constitute acceptance of the changes, to the extent permitted by law.

REFLECT: For your convenience and transparency, we maintain version control of this Privacy Policy and can provide a summary of material historical changes upon request.

Last updated: 15 January 2026.